<?php
session_start();
$host="db.cs.dal.ca"; // Host name 
$username="tameem"; // Mysql username 
$password="B00614969"; // Mysql password 
$db_name="tameem"; // Database name 
$tbl_name="users"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$username=$_POST['user']; 
$password=$_POST['pass']; 

// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$sql="SELECT * FROM $tbl_name WHERE id='$username' and password='$password'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
mysql_close($con);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){

// Register $myusername, $mypassword and redirect to file "index.php"
$_SESSION['username'] = $_POST['user'];
$_SESSION['password'] = $_POST['pass'];  
$_SESSION['loggedin'] = true;
header("location:index.php");
}
else {
header("location:index.php");
}
?>